Thingiverse hacked! If you have an account there - better start changing passwords... - 3DPC

Thingiverse – the biggest platform with free 3D printing models has been hacked. Have I Been Pwned? reports that there has been a hack and theft of a 36 GB backup file containing 228,000 unique e-mail addresses and other information enabling the identification of people who have an account on the platform. The data is circulating on the popular hacking forum.

Data includes e-mail addresses, passwords, usernames, IP addresses, and in some cases, physical addresses of computers. Thingiverse’s owner, MakerBot (owned by Stratasys), knows about the incident, but has yet to issue an official data leak statement.

The leak was discovered by Troy Hunt – creator of Have I Been Pwned? After analyzing the feed from the hacking forum, Hunt reported that the backup file was publicly dumped exactly one year ago, on October 13, 2020, and has been exposed ever since. He also adds that the leaked data appears to be a MySQL database that contains over 255 million lines of data. “The earliest dates in the dataset appear to be about ten years ago, but I haven’t analyzed them thoroughly enough,” says Hunt.

Hunt says the vast majority of email addresses appear to be in the form of webdev + [username] @ makerbot.com. The following is an example of a complete record retrieved from the data table:


1[XXXXX]1,'[username]','webdev+[username]@makerbot.com','$2y$10$X26cQ2uz5Uh1EyfIabIpguXHcS7G3uJ1AC8MnvxQ7dlFewy8wUWQq',NULL,NULL,'',0,'','2018-02-19 06:07:43','2018-02-19 05:51:17',0,'cc-sa',1,1,1,1,1,1,1,NULL,0,0,0,0,'',0,'AR','Maker/Consumer','','1099',0,'199[X]-0[X]-25 00:00:00',NULL,0,NULL

The good news is that there is no trace of clear text passwords in the published dataset. Nevertheless, it is worth thinking about changing the password – and above all checking if the ones used on Thingiverse are not the same ones you use on other, slightly more important platforms…? Unfortunately, my e-mail address was on the leaked list – luckily, the password I used on Thingiverse was insignificant (“junk”). Anyway, I have already changed it, which I also urge you to do.

Source: www.centrumdruku3d.pl

Thingiverse hacked! If you have an account there – better start changing passwords…

BASF launches a new line of flexible filaments Ultrafuse TPU 64D, TPU 95A and TPS 90A

Stratasys signs a contract with Bone 3D to implement 3D printing in a French hospital network

A step forward in beverage carton recycling, with an additive twist

Volvo implements “cold spraying” from Titomic

Desktop Metal is preparing for a cash injection

More in 3D printing software

New functionality in Eiger from Markforged

Luma AI presents Genie – a tool for creating 3D models based on text

Bambu Lab intends to enable installation of third-party firmware on 3D printers

LATEST ARTICLES:

A step forward in beverage carton recycling, with an additive twist

Volvo implements “cold spraying” from Titomic

Desktop Metal is preparing for a cash injection

Wilson introduces an SLS basketball for sale

Uproar among Stratasys shareholders

Dassault Systèmes and BMW are strengthening their cooperation

Another SLM at the Collins Aerospace facility

ABOUT

CONTACT

OFFER INQUIRY:

You may also like

More in 3D printing software

LATEST ARTICLES:

Most popular articles